HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).

Related CVEs

CVE-2023-37538

Key Information

GHSA ID

GHSA-q5h8-qcmv-qmcq

Published

October 11, 2023 3:30 PM

Last Modified

April 4, 2024 8:33 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 11, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.